What ASN.1 got right
Nico Williams <nico@cryptonector.com> Tue, 02 March 2021 01:07 UTC
As an ASN.1 implementor, I can tell you things I, like many of you, hate about ASN.1:

 - ugly syntax (made uglier by having tags as optional lexical elements)
 - ugly OIDs (should have been URNs or URN-like)
 - BER/DER/CER and all TLV encodings in the world (protocol buffers, I'm looking at you too) are awful
 - the fact that the specs were, for a long time, non-free, which led to a dearth of open source tooling that still persists somewhat (though not as bad as it used to be)
 - the fact that for years people hand-rolled their codecs due to the previous item, and so created many bugs
 - X.400/X.500, which are not part of ASN.1, of course, but closely related -- especially X.500 style naming!

Having recently implemented automatic open type decoding handling X.681/X.682/X.683 (see RFCs 6025 for some insight, and 5912 for real examples that I'm making use of), I can tell you that ASN.1 got some things right:

 - rich formalisms ("constraints")
 - separation of syntax and encoding rules

The fact that there are many encoding rules for ASN.1, of almost every kind (binary TLV, binary non-TLV, and textual, including XML- and JSON-based rules) proves the last point.

I can't help but see how XDR, NDR, and flatbuffers, among many other encodings out there, could easily be used with ASN.1. (E.g., what XDR and NDR call "pointers" are just optional fields in ASN.1.)

The fact that one can implement automatic open type decoding using ASN.1 formalisms and those already published in, e.g., RFC 5912[*] proves the utility of those formalisms. I now get to see certificates and many other things in all their "glorious" detail as JSON, including all extensions and what not, and that's made possible by these formalisms.

I beg the next person to re-invent this darned wheel to please educate themselves as to what came before. Among many lessons you should learn, learn that some things can't be monetized well enough, or at all, or can only be monetized in exchange for limiting their adoption, so figure out what your goals are, then align pricing and licensing with those.

And since open types appear to be unavoidable, but also always a pain if you don't have the metaschema to express the metadata needed to automate their handling, don't forget to cover that.

XML, of course, with namespaces and references, has a reasonable approach to open types as well. It's not just ASN.1 that gets that right well enough.

Nico

[*] A big thank you to RFC 5912's authors, though sadly one of them has passed.
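
An added illustration of the open type decoding the message describes, not code from the message or from any ASN.1 implementation: the X.509 `Extension` carries an OID plus an OCTET STRING whose inner type the OID selects, and a table stands in for the information object set that RFC 5912 states in ASN.1. The function names, the `EXTENSIONS` table and the sample bytes are assumptions constructed for this example.

```python
def read_tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n, start = length & 0x7F, pos
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if not 1 <= n <= 4 or pos > len(buf) or length < 0x80 or buf[start] == 0:
            raise ValueError("length is not valid DER")
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def seq_fields(der):
    """(tag, value) pairs inside a buffer that is exactly one SEQUENCE."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        out.append((t, v))
    return out

def basic_constraints(der):
    """SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }"""
    f = dict(seq_fields(der))
    out = {"cA": f.get(0x01, b"\x00") != b"\x00"}
    if 0x02 in f:
        out["pathLenConstraint"] = int.from_bytes(f[0x02], "big")
    return out

# Stand-in for an information object set: encoded OID -> (name, inner decoder).
EXTENSIONS = {bytes.fromhex("551d13"): ("basicConstraints", basic_constraints)}  # 2.5.29.19

def decode_extension(der):
    """SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    fields = seq_fields(der)
    if [t for t, _ in fields] not in ([0x06, 0x04], [0x06, 0x01, 0x04]):
        raise ValueError("not an Extension")
    oid, inner = fields[0][1], fields[-1][1]
    # The table, not per-extension glue code, selects the decoder for the open type.
    name, decoder = EXTENSIONS.get(oid, ("oid-der:" + oid.hex(), None))
    return {"extnID": name,
            "critical": len(fields) == 3 and fields[1][1] != b"\x00",
            "extnValue": decoder(inner) if decoder else {"_undecoded": inner.hex()}}

# Constructed sample: critical basicConstraints with cA TRUE, pathLenConstraint 0.
SAMPLE = bytes.fromhex("30120603551d130101ff040830060101ff020100")
```

`decode_extension(SAMPLE)` returns a dict that can go straight to `json.dumps`; an extension whose OID is not in the table keeps its raw bytes as hex instead of being guessed at.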